name: "Code QA - CodeQL"



on:
  workflow_dispatch:

  push:
    branches:
      - master
    tags:
      - '*'
#    paths-ignore:   # Intentionally commented out, as CodeQL does not run for a PR, if it didn't run for PR's base commit
#      - '.github/**'
#      - '.gitignore'
#      - 'ChangeLog'
#      - 'COPYING'
#      - 'configure.scan'
#      - 'packaging/**'
#      - 'dev-tools/**'
##      - '!dev-tools/libexec/get-release-*.sh'
#      - 'doc/**'
#      - 'etc/**'
#      - 'install/**'
#      - 'lib/*/IMPORT.defs'
#      - 'lib/*/LICENSE'
#      - 'README.md'

  pull_request:
    branches:
      - master
    paths-ignore:
      - '.github/**'
      - '.gitignore'
      - 'ChangeLog'
      - 'COPYING'
      - 'configure.scan'
      - 'packaging/**'
      - 'dev-tools/**'
#      - '!dev-tools/libexec/get-release-*.sh'
      - 'doc/**'
      - 'etc/**'
      - 'install/**'
      - 'lib/*/IMPORT.defs'
      - 'lib/*/LICENSE'
      - 'README.md'



jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-20.04

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    # Work around the fix for CVE-2022-24765
    - run: git config --global --add safe.directory $GITHUB_WORKSPACE || true


    ### Initialize the CodeQL tools for scanning
    #
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: cpp

    ### Build
    #
    - run: ./bootstrap.sh
    - run: ./configure --enable-option-checking=fatal --enable-everything
    - run: make -j4

    ### Run the scan
    #
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
